NSA planned to infect Samsung, Google app stores with spyware

This site may earn affiliate commissions from the links on this page. Terms of use.

If you’re in the business of writing spyware or malware, smartphones are a tempting target. For many people, their phone or tablet is now the primary compute device they use to surf the web, access content, and explore new software. Google has had problems keeping the Google Play store free from malware and spyware, but new information suggests that both Google and Samsung almost faced a much more potent opponent — the NSA itself.

A report from The Intercept highlights how the NSA explored options for hacking the App Store and Google Play over several workshops held in Australia and Canada between November 2011 and February 2012. The projects used the Internet-monitoring Xkeyscore system to identify smartphone traffic, then trace that traffic back to app stores. This led to a project dubbed Irritant Horn, the point of which was to develop the ability to distribute “implants” that could be installed when the smartphones in question attempted to connect to Google or Samsung app stores.

The NSA has targeted mobile devices ever since the post-Patriot Act era made such warrantless comprehensive spying legal, but it’s never been clear how the organization managed to tap certain hardware in the first place. The goal was twofold: First, use app stores to launch spyware campaigns and second, gather information about the phone users themselves by infiltrating the app stores in question.

The reference to “Another Arab spring,” refers to the fact that the events of 2010-2011 apparently caught western intelligence agencies off-guard, with few resources that could quickly be brought to bear. The NSA wanted to be aware of future events before they happened. Note, however, that this has precious little to do with the direct goal of protecting the United States from terrorism.

Few would argue that the US should not monitor the activities of known threats, but where was the threat from internal strife and the possible toppling of autocratic governments? It’s true that in the longer run, some new governments might pursue policies that the United States found less desirable than those of the previous regime, but there’s an enormous leap between “We don’t like Country X’s new trade policy,” and “Country X is actively assisting terrorist groups to carry out an attack on the United States.”

The NSA was primarily interested in the activities of African countries. But in the course of investigating these possibilities, it discovered significant security flaws in a program called UC Browser, used by nearly half a billion people in East Asia. Instead of disclosing the security vulnerability, the NSA and other foreign intelligence groups chose to exploit it — thereby increasing the chances that other criminal elements would have time to find and exploit it as well.

These issues are at the heart of the debate over what the NSA’s role should be in the future. There’s always been tension over whether the NSA should weaken or strengthen the cryptographic standards that allow for secure communication. That discussion may be even more nuanced when it involves software produced by foreign companies. There are few signs, however, that such nuanced discussions of capability have ever occurred. Instead, we continue to see intelligence resources deployed with the goal of vacuuming up all information from any source, regardless of legal precedent or cooperation.

The future of the Patriot Act and the scope of NSA’s future powers remains in some doubt. Senator Rand Paul gave a 10-hour speech yesterday aimed at derailing support for the Patriot Act (his actions were not properly a filibuster, because a vote on the renewal of Section 215 wasn’t actually before the chamber at the time). Others in the House of Representatives have called for a full appeal of the Patriot Act’s provisions, and the Federal Appeals Court for the Second Circuit recently ruled that the current spying program is illegal under the Patriot Act as it stands.

Tagged In

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.

Email

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our
Terms of Use and
Privacy Policy. You may unsubscribe from the newsletter at any time.